Automated Processes and Procedures Ensure Consistent Incident Response Across the Enterprise
Cylance Inc., the leading provider of AI-driven, prevention-first security solutions, announced the availability of response playbooks for automated incident response as part of its leading endpoint detect and respond offering, CylanceOPTICS™.
CylanceOPTICS customers around the world now benefit from the ability to set up consistent, multistep, automated responses or “playbooks” for immediate execution on an endpoint where a threat detection occurs. Playbook responses work from a set of AI-based rules that describe actions executed against input data and triggered by an event. Cylance playbooks include the effective replication of security analyst decision making with no cloud or human intervention required.
“A minor security event can turn into a widespread, uncontrolled security incident in a matter of milliseconds,” said Sasi Murthy, vice president of product marketing at Cylance. “By turning every endpoint into a miniature security operations center, we provide organizations the ability to instantly detect and respond to threats locally without having to send data to the cloud, which saves valuable time and reduces the risk of a damaging—and very public—compromise.”
CylanceOPTICS exposes field-tested artificial intelligence to detect and prevent advanced threats, enabling organizations to use automated analyses to disrupt attackers across their environments. It also builds the policies for device control and memory exploitation protection that prevent attacks from executing in the network. By creating automated playbooks within CylanceOPTICS, organizations can be confident that appropriate and strategic responses will be taken, regardless of who is staffing the security environment.
One of the biggest challenges security teams face today is the widening global cybersecurity skills shortage, with some forecasts estimating a shortfall of some two million positions in 2019. Response playbooks expand the capabilities of Cylance’s next-generation AI platform by enabling automated incident response, freeing up analysts for higher-value tasks without an increase in headcount or process complexity.
“Hospitals and clinics have become popular targets for cyber threat actors, who understand the critical value of clinical data and operational systems and devices in the healthcare industry,” said Eric Cornelius, chief product officer at Cylance. “The ability to set up response playbooks with CylanceOPTICS not only provides security analysts peace of mind, it also ensures incidents are contained immediately on the endpoint without compromising the network hospital staff and patients rely on.”
CylanceOPTICS users can now create up to 100 playbooks to execute tasks automatically on endpoints when a detection rule (whether static, machine-learned, or custom) is triggered. Playbooks can be set up to execute both OPTICS and third-party product responses, such as forensic analysis, memory capture, and IT ticketing. These automated responses eliminate the execution latency that can cause minor security events to balloon into major, business-crippling security incidents.